Re: [netmod] ietf-access-control-list@2017-10-03.yang : Can access-lists use a grouping?

"M. Ranganathan" <mranga@gmail.com> Thu, 02 November 2017 16:26 UTC

From: "M. Ranganathan" <mranga@gmail.com>
Date: Thu, 02 Nov 2017 12:26:01 -0400
Message-ID: <CAHiu4JMWVziseZ60_OqnSttbLTfvLxTo0mppCKTVpiYb-fVzuw@mail.gmail.com>
To: Andy Bierman <andy@yumaworks.com>
Cc: Robert Wilton <rwilton@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/sJOjJI1bXC0poWMopHeLVZ5UThw>

Hi Andy

On Thu, Nov 2, 2017 at 11:55 AM, Andy Bierman <andy@yumaworks.com> wrote:

>
>
> On Thu, Nov 2, 2017 at 8:34 AM, M. Ranganathan <mranga@gmail.com> wrote:
>
>> Hi Rob, Mahesh,
>>
>> Thanks for reading.
>>
>> On Thu, Nov 2, 2017 at 11:00 AM, Robert Wilton <rwilton@cisco.com> wrote:
>>
>>> Hi Ranga,
>>>
>>> Presumably another choice would be to keep ACLs defined in one place (i.e.
>>> no grouping required), augment the ACL model with your extra MUD + other
>>> mgmt data, and then have a reference to that ACL from your model.
>>>
>>> Thanks,
>>> Rob
>>>
>>
>> In the case of MUD (which is just a use case driving this need), there
>> are local references from MUD to the ACL. MUD itself augments the ACL
>> model.
>>
>> Augmentation would make (logical and design) sense if you were adding
>> nodes that are in some way related to the ACL itself.
>>
>> If I wanted to Augment ACL with something that is not directly ACL
>> relevant then Augmentation makes less sense to me from a design perspective
>> (let's say I wanted to define a new YANG model that includes the ACL with
>> some other system-relevant meta-data that has nothing to do with ACLs but
>> is needed by the system in order to install an ACL).
>>
>> Making access-lists into a grouping and then using it in a container does
>> not alter the ACL model as it currently stands but allows designers to use
>> the ACL model with either augmentation or inclusion in other YANG models.
>> Hence it improves the usability of the ACL model without altering the
>> semantics of the current model. It is just a re-structuring but it helps
>> the implementer.
>>
>>
> Loosely coupled tables should use leafref.
> The main concern of the NETMOD WG should be the usability of the primary
> solution.
>
>
>

Not sure I understand the suggestion of using a leafref (please excuse my
ignorance -- I am not a YANG expert by any stretch). If I used leafref,
what leaf would I be referring to if I wanted to point to the access
control list from another YANG model?

Also I note from the description of Access Control Lists the following that
would indicate that it is a primary solution that one may like to re-use in
another model.

 description
      "This is a top level container for Access Control Lists.
       It can have one or more Access Control Lists.";



If the requested change were made, would it result in excessive churn?

Thanks

Regards,

Ranga.


-- 
M. Ranganathan
